I am creating a server-driven game on iOS that allows players to create a Game Account for multi-device play. My game has In-App Purchases (IAP) that are non-consumable and can be restored or re-downloaded by the original purchaser.

I would prefer that players cannot restore their IAP to multiple Game Accounts. Is this possible given Apple's rules?

Taking Hero Academy for example, it is possible for:

1. Player1 to buy all of the IAP on his Game Account and iTunes account
2. Player1 to log in to Player2's Hero Academy Game Account
3. Player1 to re-download the non-consumable IAP into Player2's Game Account, giving Player2 permissions to all of the IAP
4. Player2 to log in to his Game Account on his own device and now have permissions for all of the IAP

Result is: Player2 has gotten all of the IAP for free.

I may be able to read in their iTunes account and restrict iTunes restore purchases to a single Game Account. Implementing that solution seems contrary to Apple's guidelines for restoring non-consumable IAPs.

I may consider the purchases consumable and applicable only to a single account, but that seems to skirt Apple's guidelines and would be poor end-user design.

I suspect that the answer may lie in using something like NSUbiquitousKeyValueStore. This does require the user to use iCloud, but I think most users do. If I understand it correctly, this is an iCloud-based key value store and would therefore be associated with one particular AppleID.

By keeping your own Hero Academy ID there, I think you would be, in effect, syncing it with a particular AppleID. This would mean that in step 2 of your exploit, Player2 would have needed to have given both his AppleID and password to Player1. Many people aren't willing to do this. Some are, however, and to prevent this I think you'd have to program your game so that it checked permissions against the NSUbiquitousKeyValueStore. In other words, you'd have to have the special purchase associated actively with your AppleID at the time that you used it.

Your game would never actually see the actual AppleID, but it would be able to distinguish one iCloud store from another by the Hero Academy player ID that you had placed within it.

I'm trying to do something similar for similar reasons in an app that I am developing now. I haven't tested enough to be sure that the above approach works, but so far it seems promising.
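
A sketch of the binding check described in the answer above, added here as an illustration and not code from the original poster or from Hero Academy. The key name, the `BindingStore` protocol, the `AccountBinding` type and the account IDs are hypothetical; it assumes the app has the iCloud key-value store entitlement enabled.

```swift
import Foundation

// Minimal view of the key-value store so the logic can run without iCloud.
protocol BindingStore {
    func string(forKey key: String) -> String?
    func set(_ value: String?, forKey key: String)
}

// The real iCloud store already provides both methods.
extension NSUbiquitousKeyValueStore: BindingStore {}

enum EntitlementDecision: Equatable {
    case boundNow               // first use: this Apple ID is now tied to the account
    case allow                  // Apple ID is tied to the signed-in Game Account
    case deny(boundTo: String)  // Apple ID is tied to a different Game Account
}

struct AccountBinding {
    static let key = "boundGameAccountID"  // hypothetical key name
    let store: BindingStore

    // Call before honouring a restored purchase, and again whenever the
    // purchased content is used, as the answer suggests.
    func decide(for gameAccountID: String) -> EntitlementDecision {
        guard let bound = store.string(forKey: Self.key) else {
            store.set(gameAccountID, forKey: Self.key)
            return .boundNow
        }
        return bound == gameAccountID ? .allow : .deny(boundTo: bound)
    }
}

// Constructed in-memory stand-in for one Apple ID's iCloud store.
final class MemoryStore: BindingStore {
    private var values: [String: String] = [:]
    func string(forKey key: String) -> String? { values[key] }
    func set(_ value: String?, forKey key: String) { values[key] = value }
}

// In the app: AccountBinding(store: NSUbiquitousKeyValueStore.default)
let player1AppleID = AccountBinding(store: MemoryStore())

// Player1 buys and uses the IAP on his own Game Account.
print(player1AppleID.decide(for: "player1-account"))
print(player1AppleID.decide(for: "player1-account"))
// Player1 logs in to Player2's Game Account and tries to restore there.
print(player1AppleID.decide(for: "player2-account"))
```

The iCloud key-value store syncs asynchronously, so a second device may briefly see no binding; a server-driven game can keep the authoritative entitlement record on the server and treat this client-side check as one input to it.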